core/workflow-java/src/main/java/org/apache/syncope/core/workflow/java/AbstractUserWorkflowAdapter.java - syncope - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 package org.apache.syncope.core.workflow.java;

 import java.util.HashSet;
 import java.util.Set;
 import org.apache.commons.lang3.tuple.Pair;
 import org.apache.syncope.common.lib.request.UserCR;
 import org.apache.syncope.common.lib.request.UserUR;
 import org.apache.syncope.common.lib.types.IdRepoEntitlement;
 import org.apache.syncope.core.persistence.api.dao.UserDAO;
 import org.apache.syncope.core.persistence.api.entity.EntityFactory;
 import org.apache.syncope.core.persistence.api.entity.user.User;
 import org.apache.syncope.core.provisioning.api.UserWorkflowResult;
 import org.apache.syncope.core.provisioning.api.data.UserDataBinder;
 import org.apache.syncope.core.spring.security.AuthContextUtils;
 import org.apache.syncope.core.workflow.api.UserWorkflowAdapter;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.transaction.annotation.Propagation;
 import org.springframework.transaction.annotation.Transactional;

 @Transactional(propagation = Propagation.REQUIRES_NEW, rollbackFor = { Throwable.class })
 public abstract class AbstractUserWorkflowAdapter extends AbstractWorkflowAdapter implements UserWorkflowAdapter {

     protected static final Logger LOG = LoggerFactory.getLogger(UserWorkflowAdapter.class);

     @Autowired
     protected UserDataBinder dataBinder;

     @Autowired
     protected UserDAO userDAO;

     @Autowired
     protected EntityFactory entityFactory;

     @Override
     public String getPrefix() {
         return null;
     }

     @Override
     public UserWorkflowResult<Pair<String, Boolean>> create(
             final UserCR userCR, final String creator, final String context) {

         return create(userCR, false, null, creator, context);
     }

     protected abstract UserWorkflowResult<Pair<String, Boolean>> doCreate(
             UserCR userCR, boolean disablePwdPolicyCheck, Boolean enabled, String creator, String context);

     @Override
     public UserWorkflowResult<Pair<String, Boolean>> create(
             final UserCR userCR,
             final boolean disablePwdPolicyCheck,
             final Boolean enabled,
             final String creator,
             final String context) {

         return doCreate(userCR, disablePwdPolicyCheck, enabled, creator, context);
     }

     protected abstract UserWorkflowResult<String> doActivate(User user, String token, String updater, String context);

     @Override
     public UserWorkflowResult<String> activate(
             final String key, final String token, final String updater, final String context) {

         return doActivate(userDAO.authFind(key), token, updater, context);
     }

     protected abstract UserWorkflowResult<Pair<UserUR, Boolean>> doUpdate(
             User user, UserUR userUR, String updater, String context);

     @Override
     public UserWorkflowResult<Pair<UserUR, Boolean>> update(
             final UserUR userUR, final String updater, final String context) {

         UserWorkflowResult<Pair<UserUR, Boolean>> result = doUpdate(
                 userDAO.authFind(userUR.getKey()), userUR, updater, context);

         User user = userDAO.find(userUR.getKey());
         if (!AuthContextUtils.getUsername().equals(user.getUsername())) {
             // ensure that requester's administration rights are still valid
             Set<String> authRealms = new HashSet<>();
             authRealms.addAll(AuthContextUtils.getAuthorizations().
                     getOrDefault(IdRepoEntitlement.USER_READ, Set.of()));
             authRealms.addAll(AuthContextUtils.getAuthorizations().
                     getOrDefault(IdRepoEntitlement.USER_UPDATE, Set.of()));
             userDAO.securityChecks(
                     authRealms,
                     user.getKey(),
                     user.getRealm().getFullPath(),
                     userDAO.findAllGroupKeys(user));
         }

         return result;
     }

     protected abstract UserWorkflowResult<String> doSuspend(User user, String updater, String context);

     @Override
     public UserWorkflowResult<String> suspend(final String key, final String updater, final String context) {
         User user = userDAO.authFind(key);

         // set suspended flag
         user.setSuspended(Boolean.TRUE);

         return doSuspend(user, updater, context);
     }

     @Override
     public Pair<UserWorkflowResult<String>, Boolean> internalSuspend(
             final String key, final String updater, final String context) {

         User user = userDAO.authFind(key);

         Pair<UserWorkflowResult<String>, Boolean> result = null;

         Pair<Boolean, Boolean> enforce = userDAO.enforcePolicies(user);
         if (enforce.getKey()) {
             LOG.debug("User {} {} is over the max failed logins", user.getKey(), user.getUsername());

             // reduce failed logins number to avoid multiple request
             user.setFailedLogins(user.getFailedLogins() - 1);

             // set suspended flag
             user.setSuspended(Boolean.TRUE);

             result = Pair.of(doSuspend(user, updater, context), enforce.getValue());
         }

         return result;
     }

     protected abstract UserWorkflowResult<String> doReactivate(User user, String updater, String context);

     @Override
     public UserWorkflowResult<String> reactivate(final String key, final String updater, final String context) {
         User user = userDAO.authFind(key);

         // reset failed logins
         user.setFailedLogins(0);

         // reset suspended flag
         user.setSuspended(Boolean.FALSE);

         return doReactivate(user, updater, context);
     }

     protected abstract void doRequestPasswordReset(User user, String updater, String context);

     @Override
     public void requestPasswordReset(final String key, final String updater, final String context) {
         doRequestPasswordReset(userDAO.authFind(key), updater, context);
     }

     protected abstract UserWorkflowResult<Pair<UserUR, Boolean>> doConfirmPasswordReset(
             User user, String token, String password, String updater, String context);

     @Override
     public UserWorkflowResult<Pair<UserUR, Boolean>> confirmPasswordReset(
             final String key, final String token, final String password, final String updater, final String context) {

         return doConfirmPasswordReset(userDAO.authFind(key), token, password, updater, context);
     }

     protected abstract void doDelete(User user);

     @Override
     public void delete(final String userKey) {
         doDelete(userDAO.authFind(userKey));
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/
	package org.apache.syncope.core.workflow.java;

	import java.util.HashSet;
	import java.util.Set;
	import org.apache.commons.lang3.tuple.Pair;
	import org.apache.syncope.common.lib.request.UserCR;
	import org.apache.syncope.common.lib.request.UserUR;
	import org.apache.syncope.common.lib.types.IdRepoEntitlement;
	import org.apache.syncope.core.persistence.api.dao.UserDAO;
	import org.apache.syncope.core.persistence.api.entity.EntityFactory;
	import org.apache.syncope.core.persistence.api.entity.user.User;
	import org.apache.syncope.core.provisioning.api.UserWorkflowResult;
	import org.apache.syncope.core.provisioning.api.data.UserDataBinder;
	import org.apache.syncope.core.spring.security.AuthContextUtils;
	import org.apache.syncope.core.workflow.api.UserWorkflowAdapter;
	import org.slf4j.Logger;
	import org.slf4j.LoggerFactory;
	import org.springframework.beans.factory.annotation.Autowired;
	import org.springframework.transaction.annotation.Propagation;
	import org.springframework.transaction.annotation.Transactional;

	@Transactional(propagation = Propagation.REQUIRES_NEW, rollbackFor = { Throwable.class })
	public abstract class AbstractUserWorkflowAdapter extends AbstractWorkflowAdapter implements UserWorkflowAdapter {

	protected static final Logger LOG = LoggerFactory.getLogger(UserWorkflowAdapter.class);

	@Autowired
	protected UserDataBinder dataBinder;

	@Autowired
	protected UserDAO userDAO;

	@Autowired
	protected EntityFactory entityFactory;

	@Override
	public String getPrefix() {
	return null;
	}

	@Override
	public UserWorkflowResult<Pair<String, Boolean>> create(
	final UserCR userCR, final String creator, final String context) {

	return create(userCR, false, null, creator, context);
	}

	protected abstract UserWorkflowResult<Pair<String, Boolean>> doCreate(
	UserCR userCR, boolean disablePwdPolicyCheck, Boolean enabled, String creator, String context);

	@Override
	public UserWorkflowResult<Pair<String, Boolean>> create(
	final UserCR userCR,
	final boolean disablePwdPolicyCheck,
	final Boolean enabled,
	final String creator,
	final String context) {

	return doCreate(userCR, disablePwdPolicyCheck, enabled, creator, context);
	}

	protected abstract UserWorkflowResult<String> doActivate(User user, String token, String updater, String context);

	@Override
	public UserWorkflowResult<String> activate(
	final String key, final String token, final String updater, final String context) {

	return doActivate(userDAO.authFind(key), token, updater, context);
	}

	protected abstract UserWorkflowResult<Pair<UserUR, Boolean>> doUpdate(
	User user, UserUR userUR, String updater, String context);

	@Override
	public UserWorkflowResult<Pair<UserUR, Boolean>> update(
	final UserUR userUR, final String updater, final String context) {

	UserWorkflowResult<Pair<UserUR, Boolean>> result = doUpdate(
	userDAO.authFind(userUR.getKey()), userUR, updater, context);

	User user = userDAO.find(userUR.getKey());
	if (!AuthContextUtils.getUsername().equals(user.getUsername())) {
	// ensure that requester's administration rights are still valid
	Set<String> authRealms = new HashSet<>();
	authRealms.addAll(AuthContextUtils.getAuthorizations().
	getOrDefault(IdRepoEntitlement.USER_READ, Set.of()));
	authRealms.addAll(AuthContextUtils.getAuthorizations().
	getOrDefault(IdRepoEntitlement.USER_UPDATE, Set.of()));
	userDAO.securityChecks(
	authRealms,
	user.getKey(),
	user.getRealm().getFullPath(),
	userDAO.findAllGroupKeys(user));
	}

	return result;
	}

	protected abstract UserWorkflowResult<String> doSuspend(User user, String updater, String context);

	@Override
	public UserWorkflowResult<String> suspend(final String key, final String updater, final String context) {
	User user = userDAO.authFind(key);

	// set suspended flag
	user.setSuspended(Boolean.TRUE);

	return doSuspend(user, updater, context);
	}

	@Override
	public Pair<UserWorkflowResult<String>, Boolean> internalSuspend(
	final String key, final String updater, final String context) {

	User user = userDAO.authFind(key);

	Pair<UserWorkflowResult<String>, Boolean> result = null;

	Pair<Boolean, Boolean> enforce = userDAO.enforcePolicies(user);
	if (enforce.getKey()) {
	LOG.debug("User {} {} is over the max failed logins", user.getKey(), user.getUsername());

	// reduce failed logins number to avoid multiple request
	user.setFailedLogins(user.getFailedLogins() - 1);

	// set suspended flag
	user.setSuspended(Boolean.TRUE);

	result = Pair.of(doSuspend(user, updater, context), enforce.getValue());
	}

	return result;
	}

	protected abstract UserWorkflowResult<String> doReactivate(User user, String updater, String context);

	@Override
	public UserWorkflowResult<String> reactivate(final String key, final String updater, final String context) {
	User user = userDAO.authFind(key);

	// reset failed logins
	user.setFailedLogins(0);

	// reset suspended flag
	user.setSuspended(Boolean.FALSE);

	return doReactivate(user, updater, context);
	}

	protected abstract void doRequestPasswordReset(User user, String updater, String context);

	@Override
	public void requestPasswordReset(final String key, final String updater, final String context) {
	doRequestPasswordReset(userDAO.authFind(key), updater, context);
	}

	protected abstract UserWorkflowResult<Pair<UserUR, Boolean>> doConfirmPasswordReset(
	User user, String token, String password, String updater, String context);

	@Override
	public UserWorkflowResult<Pair<UserUR, Boolean>> confirmPasswordReset(
	final String key, final String token, final String password, final String updater, final String context) {

	return doConfirmPasswordReset(userDAO.authFind(key), token, password, updater, context);
	}

	protected abstract void doDelete(User user);

	@Override
	public void delete(final String userKey) {
	doDelete(userDAO.authFind(userKey));
	}
	}